The Prizes and Betting Secretariat (SPA) of the Ministry of Finance announced another ordinance with technical and security details of betting systems, as well as its sports betting and online gaming platforms.
Published in the Official Gazette of the Union last Friday (3), the regulation determines that groups establish betting services and corresponding data in centers in Brazil.
It is worth noting that the electronic channels used by operators must use the ‘bet.br’ domain registration, so that bettors can easily distinguish between licensed and illegal betting houses.
In addition, bets will need to be certified by laboratories recognized by the authority, as well as sending information related to bettors, portfolios and bets to SPA.
SPA/MF ORDINANCE No. 722, OF MAY 2, 2024
Establishes the technical and security requirements of betting systems, as well as their sports betting and online gaming platforms, to be used by fixed-odd betting lottery operating agents, as provided for in Law No. 13,756, of December 12, 2018, and Law No. 14,790, of December 29, 2023.
THE SECRETARY OF PRIZES AND BETS OF THE MINISTRY OF FINANCE, in the use of the powers conferred on him by art. 55, item I, item “d”, of Annex I of Decree No. 11,907, of January 30, 2024, and in view of the provisions of art. 29, § 3, of Law No. 13,756, of December 12, 2018, in art. 7th, § 1st, item VII, of Law No. 14,790, of December 29, 2023, and in art. 6th, item V, of MF Normative Ordinance No. 1,330, of October 26, 2023, resolves:
CHAPTER I
PRELIMINARY PROVISIONS
Art. 1 This Ordinance establishes the technical and security requirements of betting systems, as well as their sports betting and online gaming platforms, to be used by fixed-odd betting lottery operating agents, which deal with the Law No. 13,756, of December 12, 2018, and Law No. 14,790, of December 29, 2023.
Art. 2 For the purposes of this Ordinance, it is considered:
I – betting system: computerized system managed and made available by operators to bettors that enables the registration of bettors, the management of their virtual wallets and other functionalities necessary for the management, operation and marketing of fixed-odd bets;
II – betting platform: electronic channel integrated into the betting system used to offer sports betting and online games to bettors.
III – certifying entity: legal entity with operational capacity recognized by the Ministry of Finance to test and certify equipment, programs, instruments and devices that comprise betting systems, live gaming studios and online games used by lottery operators fixed odds betting, subject to the technical requirements established in specific regulations;
IV – data center: place where the operating agent’s computational systems are concentrated, such as the data storage system;
V – Information Technology continuity plan: plan that covers the strategies necessary for the continuity of essential information technology services, such as contingency, continuity and recovery;
VI – critical component: any component in which a failure or compromise could lead to the loss of the bettor’s rights, loss of revenue from the Union or legal recipients, impediment or difficulties in the regulator’s access to operational information, occurrence of unauthorized access to data the betting system, or non-compliance with the rules that regulate the operation of fixed-odd betting in the country; It is
VII – betting terminal: device made available by the operating agent in which the bettor can place bets in physical mode.
CHAPTER II
TECHNICAL REQUIREMENTS
Art. 3 Betting systems, integrated by sports betting and online gaming platforms, used by operating agents to explore the lottery modality of fixed-odd betting must observe and implement the technical requirements established in this Ordinance and its Annexes.
Art. 4 Operating agents must maintain the betting system and the respective data in data centers located in Brazilian territory, observing the provisions of Law No. 13,709, of August 14, 2018.
§1º The systems and data referred to in the caput of this article may be located outside the national territory, in countries that have an International Legal Cooperation Agreement with Brazil, in civil and criminal matters jointly, provided that item VIII of the caput is observed. of art. 33 of Law No. 13,709, of 2018, and the following requirements are met cumulatively:
I – the holder must authorize, specifically and in advance, the international transfer of their personal data, with the operating agent being responsible for providing clear information regarding the purpose of the operation;
II – the responsible technical area of the Ministry of Finance must have secure and unrestricted access, remotely and in person, to systems, platforms and operation data;
III – the operating agent must replicate, in Brazil, its database and information, which will be updated continuously, ensuring that all instances of the database have the same content, and that they are tested periodically; It is
IV – the operating agent must present an Information Technology business continuity plan, in the event of the occurrence of critical situations that could put the operation and data at risk, containing, at a minimum:
a) mapping of probable loss scenarios;
b) identification, analysis and assessment of risks;
c) prevention and mitigation actions; It is
d) designation of those responsible.
§2º The data center used must have ISO 27001 certification.
Art. 5 The electronic channels used by the operating agent to offer fixed-odd bets online must use the “bet.br” domain registration, in accordance with specific regulations.
CHAPTER III
CERTIFICATION AND CERTIFICATION ASSESSMENT REPORT
Art. 6 Operating agents must maintain betting systems, which include sports betting and online gaming platforms, certified by a certifying entity whose operational capacity has been recognized by the Prizes and Bets Secretariat of the Ministry of Finance, under the terms of Ordinance MF/SPA nº 300, of February 23, 2024.
§1 The certificates issued by the certifying entity must attest that betting systems, including sports betting and online gaming platforms, are in full compliance with the technical requirements defined in Annexes I, II and III of this Ordinance, including in regarding the integration between its modules and platforms.
§2º In situations where the modules and platforms of the betting systems used by the operating agent do not have the same compilation version and the same supplier, it will be mandatory to verify the integration between them by the certifying entities whose technical capacity has been recognized by the Ministry of Farm.
§3 Betting systems, including the platforms referred to in the caput, must maintain valid certificates for the entire duration of the authorization granted.
§4 The certificates issued by the certifying entity for betting systems will include sports betting and online gaming platforms and must be revalidated annually, and whenever there is inclusion, change and exclusion of critical components.
§5 The certificate revalidated under the terms of § 4 must be sent to the Prizes and Bets Secretariat of the Ministry of Finance within a period of up to five working days after issuance.
Art. 7 Certificates must be issued specifically for Brazil by certifying entities authorized by the Secretariat of Prizes and Bets of the Ministry of Finance, in accordance with Ordinance MF/SPA nº 300, of February 23, 2024.
Art. 8 Operating agents must present, within ninety days after the publication of the act of authorization by the Prizes and Betting Secretariat of the Ministry of Finance, an evaluation report for certification of the technical requirements defined in Annex IV of this Ordinance issued by a certifying entity whose operational capacity has been recognized by the Prizes and Betting Secretariat of the Ministry of Finance.
Single paragraph. The certification assessment reports issued by the certifying entity for betting systems and sports betting and online gaming platforms must be revalidated annually.
CHAPTER IV
SUPERVISION AND INSPECTION
Art. 9 The supervision and inspection activities of betting systems, which include sports betting and online gaming platforms, will be regulated in specific regulations of the Secretariat of Prizes and Bets of the Ministry of Finance, respecting the competences of others governmental and consumer protection bodies and entities.
Single paragraph. For the purpose set out in the caput, the operating agent must, at any time, grant full access to the betting systems to the inspection units and agents of the Prizes and Betting Secretariat of the Ministry of Finance.
Art. 10. Operating agents must forward to the Prizes and Betting Secretariat of the Ministry of Finance data relating to bets, bettors, bettors’ portfolios, legal destinations and other information on their operation, according to the periodicity and format established in the Manual SIGAP, available on the website https://www.gov.br/fazenda/pt-br/composicao/orgaos/secretaria-de-premios-e-apostas.
Single paragraph. Without prejudice to the provisions of the caput, the Prizes and Betting Secretariat of the Ministry of Finance may, at any time, request additional information from the operator.
Art. 11. Betting systems, including their sports betting and online gaming platforms, will be subject to inspection procedures, as requested by the Prizes and Bets Secretariat of the Ministry of Finance.
CHAPTER V
BETTING TERMINALS
Art. 12. Operating agents with certified betting systems, when authorized, may offer bets that have as their object real sports-themed events, in physical mode, through betting terminals.
Single paragraph. Fixed-odd bets that focus on online gaming events can only be offered online.
Art. 13. Betting terminals must always be connected and integrated into the operator’s betting system, observing the technical requirements established in Annexes I and II of this Ordinance.
Single paragraph. Bets placed at betting terminals will always be preceded by the identification procedures referred to in art. 23 of Law No. 14,790, of 2023, and will comply with all other rules for placing bets in virtual media, including those relating to payment transactions, in accordance with specific regulations of the Prizes and Bets Secretariat of the Ministry of Finance.
CHAPTER VI
ONLINE GAMES
Art. 14. Online games to be offered by operating agents must have a multiplication factor for the amount bet that defines the amount to be received by the bettor, in the case of a prize, at the time of placing the bet, for each unit of currency national bet, the result of which is determined by the outcome of a random future event, based on a random generator of numbers, symbols, figures or objects defined in the system of rules.
CHAPTER VII
FINAL PROVISIONS
Art. 15. Specific regulations of the Prizes and Betting Secretariat of the Ministry of Finance will regulate the sanctions applicable to the operating agent in case of non-compliance with the provisions of this Ordinance.
Art. 16. The technical requirements of live game studios and online games to be observed by the certifying entities referred to in Ordinance MF/SPA nº 300, of 2024, will be defined in specific regulations.
Art. 17. This Ordinance comes into force on the date of its publication.
REGIS ANDERSON DUDENA
